Platform: other
Component: translator-poqdev-add-on
Fixed version: 1.0.12
CVE-2023-5496 is a cross-site scripting (XSS) vulnerability affecting the Translator PoqDev Add-On for Mozilla Firefox. This vulnerability arises from improper handling of text selection within the add-on, potentially allowing attackers to inject malicious scripts. The vulnerability affects version 1.0.11 and has been resolved in version 1.0.12.
Successful exploitation of CVE-2023-5496 could allow an attacker to execute arbitrary JavaScript code within the context of a user's Firefox browser. This could lead to the theft of sensitive information, such as cookies and session tokens, or the redirection of users to malicious websites. The attack is initiated remotely, and while the complexity is considered high, the public disclosure of the vulnerability increases the risk of exploitation. The impact is amplified if the affected add-on is widely used and trusted by users.
CVE-2023-5496 was publicly disclosed on 2023-10-10. The vulnerability has been assigned the VDB identifier VDB-241649. The public availability of the vulnerability and the lack of response from the vendor increase the likelihood of exploitation. No active campaigns or KEV listing are currently known.
Users of Mozilla Firefox who have installed version 1.0.11 of the Translator PoqDev Add-On are at risk. This includes individuals who rely on the add-on for translation services and those who frequently interact with untrusted websites.
disclosure
Exploit status
EPSS: 0.25% (48th percentile)
CVSS vector
The primary mitigation for CVE-2023-5496 is to upgrade the Translator PoqDev Add-On to version 1.0.12 or later. If upgrading is not immediately feasible, consider disabling the add-on until the update can be applied. While a direct workaround is not available, Firefox's built-in security features may offer some protection against XSS attacks. After upgrading, confirm the fix by attempting to trigger the vulnerable text selection functionality and verifying that no malicious scripts are executed.
Update the Translator PoqDev Add-On to a version later than 1.0.11, if one exists. If no updates are available, consider disabling or removing the add-on until a fixed version is published. Consult the vendor for more information on the availability of a fix.
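To check whether a Firefox profile still carries a release older than the fixed version, the following added example (not part of the original advisory or the add-on's code) reads a profile's `extensions.json` and reports matching add-ons below 1.0.12. It assumes the file's `addons` list exposes `id`, `type`, `version`, `active` and `defaultLocale.name`; the `poqdev` name hint and the sample add-on IDs are constructed placeholders, not the add-on's real identifier.

```python
import json
import sys
from itertools import takewhile

FIXED = (1, 0, 12)    # fixed version given on this page
NAME_HINT = "poqdev"  # assumption: substring of the add-on's display name or id

def parse_version(text):
    """'1.0.11' -> (1, 0, 11); a part with no leading digits counts as 0."""
    parts = []
    for piece in text.split("."):
        digits = "".join(takewhile(lambda c: c in "0123456789", piece))
        parts.append(int(digits) if digits else 0)
    return tuple(parts)

def find_vulnerable(extensions_json_text, name_hint=NAME_HINT, fixed=FIXED):
    """Return installed extensions matching name_hint with a version below fixed."""
    data = json.loads(extensions_json_text)
    findings = []
    for addon in data.get("addons", []):
        if addon.get("type") != "extension":
            continue  # skip themes, dictionaries, language packs
        name = (addon.get("defaultLocale") or {}).get("name") or ""
        ident = addon.get("id") or ""
        if name_hint not in name.lower() and name_hint not in ident.lower():
            continue
        version = addon.get("version") or "0"
        if parse_version(version) < fixed:
            findings.append({"id": ident, "name": name, "version": version,
                             "active": bool(addon.get("active"))})
    return findings

# Constructed sample input; the ids are placeholders, not real add-on ids.
SAMPLE = json.dumps({"addons": [
    {"id": "poqdev-placeholder@example.invalid", "type": "extension",
     "version": "1.0.11", "active": True,
     "defaultLocale": {"name": "Translator PoqDev Add-On"}},
    {"id": "other-placeholder@example.invalid", "type": "extension",
     "version": "2.3.0", "active": True,
     "defaultLocale": {"name": "Some Other Add-On"}},
]})

if __name__ == "__main__":
    # Pass the path to a profile's extensions.json, or run with no argument for the sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    for hit in find_vulnerable(text):
        state = "active" if hit["active"] else "disabled"
        print(f"{hit['name']} {hit['version']} ({state}): upgrade to 1.0.12 or later")
```

A match on the name hint alone is only a lead; confirm the add-on's identity in `about:addons` before acting on it.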
CVE-2023-5496 is a cross-site scripting vulnerability in the Translator PoqDev Add-On for Firefox, allowing attackers to potentially execute malicious scripts through improper text selection handling.
You are affected if you use Mozilla Firefox and have version 1.0.11 of the Translator PoqDev Add-On installed. Upgrade to 1.0.12 to mitigate the risk.
Upgrade the Translator PoqDev Add-On to version 1.0.12 or later. If upgrading is not possible, disable the add-on until the update is available.
While no active campaigns are currently confirmed, the public disclosure of the vulnerability increases the risk of exploitation.
Due to the vendor's lack of response, an official advisory may not be available. Monitor Firefox security advisories and third-party security resources for updates.